Intel just lately revealed its 2021 Product Safety Report, and it is a doozy. The report dives into all of the bugs, vulnerabilities, and extra that impacted Intel’s merchandise throughout the yr, and from a numbers perspective, there are a whole lot of fascinating figures to notice. Most of all, although, it is a glimpse of how Intel stacks up versus AMD with regards to ‘whose merchandise are safer than whose’, and the way Intel and AMD’s transient comradeship could have led to the most important weak spot in each firms’ armour.
In 2021, Intel reported a complete of 226 vulnerabilities in its product stack, starting from bugs in ethernet merchandise to FPGAs and all the things in between. Nearly all of these bugs had been found by Intel, although bug bounty applications and different organisations account for a hefty variety of the vulnerabilities reported.
The one largest supply of those vulnerabilities are Intel’s GPU merchandise, which totalled 52 in 2021. Then it is a tie between ethernet merchandise and software program for second, each claiming 34 bugs all year long.
In case you dive further into Intel’s GPU vulnerability stats, nevertheless, and duly famous by our mates at Tom’s Hardware, you may discover that numerous its GPU vulnerabilities are associated to only a handful of processors: eighth Gen Intel Core processors with Radeon RX Vega graphics.
And that greater than half of Intel’s GPU vulnerabilities had been in actual fact reported in AMD’s software program.
This stems from a short stint of cooperation between Intel and AMD, during which Intel supplied its Kaby Lake Core CPU structure alongside AMD-provided Radeon RX Vega M graphics. The ensuing Kaby Lake G chips fashioned the idea for a handful of merchandise after they had been launched in 2018, although the large considered one of curiosity is the Intel Hades Canyon gaming NUC.
This Hades Canyon NUC was a reasonably nifty little machine on the time, and it labored nice for me as a discrete streaming field. Although the Intel and AMD experiment it was born out of by no means went any additional.
The burden of bug fixing nonetheless falls on Intel and AMD’s shoulders, nevertheless—these processors are a poisoned chalice for each Intel and AMD, even in 2021.
Of the 52 vulnerabilities present in Intel’s GPU stack, 23 of them are associated to the Intel Core processors with Radeon RX Vega M graphics. Of those 23 bugs, AMD is assigned 22 of them, which for essentially the most half are discovered within the Radeon graphics drivers for Home windows. The Radeon software program installer is also famous as containing exploitable code.
The report states AMD had 27 graphics vulnerabilities reported in 2021, which is notably fewer than Intel’s 51. Intel does, nevertheless, state that it does not report bugs discovered by AMD straight and solely has entry to these reported between Could and December 2021.
In the end, although, the accountability falls on each firms to verify their merchandise are protected, and that features initiatives resembling Kaby Lake G which have since been thrown apart.
That is what’s been completed, too, as AMD outlines the mitigations for the CVE’s listed in AMD-SB-1000.
On to CPUs and Intel is claiming 16 newly found CPU vulnerabilities in 2021. That is a mixture of these found by Intel (10) and thru its bug bounty program (6).
AMD had 31 vulnerabilities in line with the report, although once more that is solely counting these found externally and reported throughout the given timeframe.
Each firms have just lately appeared to ramp up efforts in safety, most of all following main vulnerabilities resembling Meltdown and Spectre. Every year it is extra necessary than ever to take action, too, as not often a month goes by with out some incident of hacking, heisting, or black hatting.
My important takeaway from this report, nevertheless, is that Intel and AMD most likely will not wish to work collectively on any future initiatives.
